Introduction to Mobile Ransomware: The Rise and Risks of the Mobile-First Business
In recent years, we’ve entered an era of the mobile-first business. Mobile-first initiatives are how businesses will remain competitive, and viable, moving forward. These initiatives will continue to get more integral to how government agencies serve citizens and address their top-level charters.
In this mobile-first paradigm, there are big opportunities, but equally sizable risks. As organizations and consumers grow increasingly focused on mobile, it’s no surprise that mobile is where malicious actors turn their focus, and ransomware is no exception.
The Rising Specter of Mobile Ransomware
In 2022, cybercriminals extorted more than $450 million from businesses and government agencies, and the year was one of the most active, with malware strains targeting organizations of all sizes.
According to the FBI Internet Crime Report, top sectors being targeted include healthcare, manufacturing, and government agencies, but 2022 saw organizations in pretty much every industry being victimized.
Evolving Nature of Mobile Ransomware Attacks
In years past, cybercriminals would have largely initiated their attacks by targeting a laptop user. The notorious “WannaCry” attack that surfaced in 2017 used a vulnerability in Windows operating systems (OSs) to infect host machines. Once the system was breached, the ransomware would encrypt the files and demand payment, often in cryptocurrency. Ostensibly, it would only be after payment was received that the criminal would give the victim a way to decrypt their files.
It is important to note that, given the nature of Windows permissions, these types of attacks can encrypt the entire file system, while enabling the OS, and therefore the laptop, to function properly.
Mobile Devices Increasingly Targeted by Mobile Ransomware
Now, mobile devices are increasingly the target of choice. Thousands of different mobile malware strains have been detected that are intended to encrypt files and hold them for ransom. Specific strains were found that could encrypt files and lock devices. In fact, in 2022 Zimperium detected 17,000 unique ransomware samples that targeted mobile devices.
Distinct Nature of Mobile Ransomware
It is important to recognize that ransomware functions differently on mobile devices. Android and Apple iOS devices have sandboxing and permission models that are different than laptops. Most importantly, each mobile app runs in its own partitioned environment. This can limit the potential damage of a mobile ransomware attack. For example, an attacker may only be able to encrypt the data accessed by one specific app. For these reasons, cyberattackers often employ ransomware that can effectively take control over the entire mobile device.
Examples of Mobile Ransomware
There are several different categories of mobile ransomware. In fact, in 2022 Zimperium detected 90,000 ransomware attacks. Here are a few examples of common types of ransomware attacks that you should know:
- Locker ransomware. This malware employs a lock screen that blocks a victim from interacting with the device. This can be achieved by surreptitiously changing the system PIN number or by creating a top-level screen that blocks users from gaining access to existing apps and functionality.
- Crypto ransomware. This strain of ransomware encrypts files, including photos and documents. Typically, once the malware infects a device, it then connects with a command-and-control server to retrieve a dynamically generated cryptographic key. It is only when users pay the ransom that they can access the key needed to decrypt their files.
- Leaker locker. After being installed on a victim’s device, this ransomware collects personal information, such as details on the device owner’s contacts. Victims are extorted for payment, and, if it isn’t provided, the malicious actor threatens to distribute sensitive information to all the victim’s contacts.
How Zimperium Can Help
Through ransomware and a number of other tactics, cybercriminals continue to attack mobile devices, putting individual users’ data and organizational assets at risk. It’s therefore vital for organizations to establish strong defenses around mobile devices so they can thwart these potentially devastating attacks.
Zimperium delivers solutions that are specifically designed for the unique security demands of mobile apps and endpoints. Zimperium Mobile Threat Defense (MTD) protects both corporate- and employee-owned devices against device, network, phishing, and application attacks.
These solutions are uniquely equipped to help organizations establish a mobile-first security posture. With Zimperium solutions, teams can detect and thwart mobile ransomware attacks.
To learn more about how Zimperium solutions can help safeguard your organization against devastating ransomware attacks, be sure to contact us and request a demo.